What is this?
This is the first of a weekly “round up” that aims to summarize the security- or IT-related concepts I have worked on this week during my free time. My goal is to create a footprint for others to follow in if they so desire. When I was first learning the basics of security, I struggled to find projects that I could work on to help me learn useful security practices and techniques. Some weeks will have more content than others depending on the amount of free time I have.
- Went over SANS GSEC certification notes
- Spent entirely too long getting git.grahamhelton.com and twitter.grahamhelton.com to point to my Twitter and GitHub using DNS…
- Rebuilt homelab into a snazzy new case.
- Compiled some information about how to get started with docker to go through once I finish my SANS GSEC material
  Docker learning resources:
  - https://www.youtube.com/watch?v=wCTTHhehJbU
  - https://www.youtube.com/watch?v=3c-iBn73dDE&feature=youtu.be
  - https://www.youtube.com/watch?v=MnUtHSpcdLQ&feature=youtu.be
- Watched Black Hills Information Security’s emergency log4j webcast
- Studied SANS GSEC notes
- Spent forever researching searx and borking installs.
- Fiddled with my recipe website to fix some formatting issues.
- Studied SANS GSEC notes
- Fixed searx install from previous day
- Wrote Thou Shall Not Snoop Our Searches - Searx Installation and Discussion
- Added some android VMs to my lab for future projects
- Set up rsyslog server in my home lab via this tutorial (This was very easy)
- Noticed some weird things going on in my network. The first being some very strange pings every few minutes to some random IPs. After some researching I found a Reddit post where someone described the same problem. Looks like it's a part of PIA’s code to check the latency to their servers.
- Noticed UFW was blocking some more traffic that happened to beacon every 2 minutes and 6 seconds…
  Investigated further with Wireshark and found out it was an IGMP query packet to refresh the IPs of multicast group memberships. This was sent out by my router.

      sudo tcpdump -i <interface> -s 65535 -w sketchy.pcap
- Listened to The Privacy, Security, and OSINT show episodes 242 and 243
- Discovered Privacy.sexy, which is a collection of scripts to disable Windows / Mac features that reduce privacy
- Verified with PIA VPN that they do send out pings to all their servers every couple minutes to “verify connectivity” (This still makes me feel uneasy…)
- Went over GSEC notes.
- Studied GSEC
- Finished indexing GSEC books
- Formally accepted the agreement for the SANS Masters degree program (🎉 🎉🎉)
- Listened to Darknet Diaries #106
- Published this round-up
- Began looking for some open source asset management tool.
Have any questions?
Do you have any questions? Feel free to reach out to me on Twitter. See you next Sunday. :)